18 November 2011

The correct gcc parameter for Intel Core Duo

On the quest of optimization....

One thing that bugs my mind lately is: which architecture Intel Core Duo uses? If we read this Wikipedia entry, one will quickly conclude that it is "enhanced" Pentium M.

So, does gcc agree with it? Not really. Using the idea taken from this blog entry, Core Duo is a Prescott! Here's the output:

/usr/lib/gcc/i486-linux-gnu/4.4.3/cc1 -E -quiet -v - -D_FORTIFY_SOURCE=2 -march=prescott --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=2048 -mtune=generic -fstack-protector

Surprisingly, this is indeed correct. Gentoo's wiki page support this, even Intel's engineer puts amen.

Summary: I conclude, Core Duo it's Yonah (Pentium M), but optimization wise, assume it's Prescott.


Mulyadi Santosa

03 October 2011

hashing? great.... which one?

Hi folks....

hashing is quite large subject. I myself simply use hash to confirm whether two files (or more) are identical or not (using md5sum, sha256sum).

But as the books say, hashing could has collisions. And hashing, one way or another, could be reversed. or in other word, there is no such perfect true one way hashing. Alright, we can't pursue perfection here. So what's the recipe to pick the best hashing method?

Fortunately, an article written by Valerie Aurora gives us the clue. For the impatient, you better use something like SHA-2 (sha256 or better). I found the article nicely explain the issues behind hashing with quite friendly (read: non hacker-ish) tone :)

Cheers and have a nice day ....


Mulyadi Santosa

02 July 2011

Feedback regarding my "stat or ls" post

Hi all

Several people are kind enough to share her/his thoughts about my "stat or ls" post. One of them even share this forum post. Quite neat I must say!

Basically they said that both "ls" and "stat" output are correct. One even compare it with "du" output (by default, "du" is using block size unit when showing file size).

What I might failed to stress was, the tests done in my last post was done on top of SELinux enabled-ext3 filesystem. "So what?" you might ask. Briefly maybe none. But my friend pointed that stat was accouting extra blocks that might (I say "might" because my friend is not so sure) contain metadata such as SELinux and ACL.

So far, I find it consistent that the used blocks reported in "ls -ls" is always half of one reported by "stat". It must be something related to return value of function I stated in my previous post. 1KiB? hmmmm......

PS: Further info regarding by block device and filesystem. Thanks to Justin Cook who pointed me to this neat tool:

# blockdev --getbsz /dev/sda3
# blockdev --getss /dev/sda3
The first is my fs block size, the latter is my disk sector size.


Mulyadi Santosa.

01 July 2011

stat or ls? which one showing correct number of used block?

The answer: stat!

(credits to Manish Katiyar who helped me tinkering with the codes.... click here to find out more about him)

Why? OK, suppose we create a test file like this:
dd if=/dev/zero of=doang.img bs=1K count=3

And then we run both ls and stat against it:
$ stat doang.img
  File: `doang.img'
  Size: 3072            Blocks: 16         IO Block: 4096   regular file

$ ls -ls doang.img
8 -rw-rw-r-- 1 mulyadi mulyadi 3072 Jun 30 12:36 doang.img

"what the @#$%?" Yeah I suppose you would say that. stat is saying the file is using 16 blocks while ls says 8 (leftmost one). Both couldn't be true, right?

Strace comes to rescue. Stracing both of them would yield something like this:

lstat64("/home/mulyadi/doang.img", {st_dev=makedev(8, 5), st_ino=1304650, st_mode=S_IFREG|0664, st_nlink=1, st_uid=500, st_gid=500, st_blksize=4096, st_blocks=16, st_size=3072, st_atime=2011/06/30-12:36:40, st_mtime=2011/06/30-12:36:40, st_ctime=2011/06/30-12:36:40}) = 0

lstat/fstat/stat is glibc function which fetch inode information about a file. In turn it will call stat syscall.

According to "man 2 stat", st_blocks denotes the number of blocks allocated for target file. So, we could directly say stat shows correct number.

But wait... why does ls show us 8? To find out, you need debuginfo of coreutils package or download coreutils package and compile by yourself. I assume you pick the latter. By default, compilation will leave debugging-ready binary in its source directory.

To make story short:
$ gdb src/ls
(gdb) b default_block_size
Breakpoint 1 at 0x80553e6: file human.c, line 407.
(gdb) r -ls ~/doang.img
Starting program: /home/mulyadi/Download/SOURCE/coreutils-8.12/src/ls -ls ~/doang.img
[Thread debugging using libthread_db enabled]

Breakpoint 1, default_block_size () at human.c:407
407       return getenv ("POSIXLY_CORRECT") ? 512 : DEFAULT_BLOCK_SIZE;

So, the above function would yield the "correct" block size which will be used for further computation. Guess what it returns?

(gdb) finish
Run till exit from #0  default_block_size () at human.c:407
0x0805553c in humblock (spec=0x0, opts=0x805feb0, block_size=0x805feb8)
    at human.c:419
419         *block_size = default_block_size ();
Value returned is $1 = 1024

Tada............. 1024 bye a.k.a 1 KiB ladies and gentlemen! That's why you see 8. It's 16*512/1024 = 16/2 = 8! Solved!

PS: this means my system, in this case ( a CentOS 5.x ) is not POSIX-ly correct. Not sure if that's a bad news or good news... :)

Conclusion: take any command's output with a grain of salt. Trusting them blindly sometimes might mislead yourself into wrong information. You have been warned.


Mulyadi Santosa.

27 June 2011

A nice interactive tutorial to learn how XSS works

Hi folks....

XSS (Cross site scripting) has been all over the news about security and I am sure you've heard about it even a bit. So, you must be curious on how it works....and more important is how to detect and fix such problem.

I came across this nice tutorial few days ago. I found it as simple, straight to the point and easy to follow....even for someone new in security field but at least has grab some root of web development. The author is Steve Kemp and it seems he has some talents regarding security (he released some advisories).

Follow the through the steps. Starting from reintroduction of what cookies is, how javascript could be used to read such info, then a simple intro about public forum text box that can be misused to display embedded javascript and eventually finished by a general recipe on how to prevent such problem (hint: some scripting modules can "wash out" unexpected characters).

Enjoy ............ :)


Mulyadi Santosa.

19 April 2011

Getting confused when exploring Qemu source? gcc comes to rescue!

Quick summary first: use gcc -save-temps!

Ever dig into Qemu ( source code? OK, I assume you ever did that at least once... may I ask, what's your first impression?

Here's mine: it's complex C code...and to make it more like a nightmare, it heavily uses c (gcc, to be precise) tricks almost everywhere. ifdef, "##", define....almost endless. IMHO, since Fabrice Bellard, its author, is somekind of C compiler wizard, he somehow pull out all of those tricks so easy from his mind. I know it should make the code kinda more readable, but for me, is not.

Take one for example: INDEX_op symbols. AFAIK, it has something to do with code generation, to be precise it's an index toward instruction op which will later be translated to target. Previously, I thought it was defined somewhere in header files, but turns out (after long hours of grep and cscope sessions) they were created by preprocessor (token concatenation, to be precise -- explanation here).

So, what is the recipe? I think I found it (thanks to this URL , although not really ideal. During configuration session, use extra cflags like this:
./configure --extra-cflags="-save-temps"
Put additional parameters as needed. Then do "make". Now, if you do this in main Qemu source tree:
find -iname "*.[is]"
you'll find several files. Each of them are result of  preprocessing (.i) and assembling (.s). Yeap, "-save-temps" comes to rescue, folks! So there you go... open them one by one and hopefully you get better picture on how to code works.


Mulyadi Santosa

04 April 2011

Troubleshooting failed login to GTalk in Empathy 2.30.3

Alright, I just wanna make it quick:
- Check "Ignore SSL certificate errors"
- Uncheck "Encryption required (TLS/SSL)"
- Use "443" as port
- Check "use old SSL"

OK, that's it works for me, hopefully it works for you too. Cheers...


Mulyadi Santosa

02 March 2011

My writing about filesystem in DataCenter Magazine 2/2011 issue

First of all, I thank God for the opportunity and trust He had given to me. Without His bless, I can't complete this article quick enough but still in good quality.

In 2/2011 issue of Data Center Magazine, I contribute an article that discusses about what filesystem really is, understanding several basic properties of filesystems and probably the most important one: how to choose the optimal filesystem for certain workload.

I welcome you to download, read and give me constructive feedback. As I am far from top notch technical writer level, feedback would allow me to enhance the quality and at the same time correct any possible errors.

PS: I owe a lot to Greg Freemyer for his inputs and critics on the early draft. He's one of the best file system expert I ever met!


Mulyadi Santosa.

19 February 2011

Human perception on latency.... and    show to me that, by experiments, when latency is under or roughly equal to 150-160 miliseconds, human sense can not feels or sees that. Good to know.... so one just need to make sure computation result is shown under 150 ms and we shall say "Dear Lord, it's magically appears" :)

30 January 2011

Fantastic CGI!

Silestone -- 'Above Everything Else' from Alex Roman on Vimeo.

Not sure about you people, but I think the above video is simply superb! And to make it even "more superb", it was made just by 2 person in 2 1/2 month. They certainly have the skill...

NB: If somehow the above embedded video isn't shown in this blog, just head over to this site to watch it.



29 January 2011

Order of argument evaluation in C, left-to-right or right-to-left?

Suppose you have written the below codes:

  int global_a = 10;
  int increase(void)
       return global_a += 10;

 int main(void)
      printf("%d,%d\n", increase(), global_a);
And you compile it, what output would you expect? "20,10"? or "20,20"? 
I was thinking "surely it is 20,20!". But this post says both are right! Wow.....
Note: the original poster was actually comparing GCC to TCC (Tiny C Compiler).


27 January 2011

NoSQL==No SQL in mind at all? :D

Making latest 2.6.x Linux kernel works with recent Linux distro

If you wanna compile new Linux kernel, let's say 2.6.35 onwards and you want it to run on fairly "old" distro, let's say CentOS 5.5, you might find it weird that it refuses to boot somewhere during root device mount?

Note: Wait, you say CentOS 5.5 is "old"? What I mean here is not "old" as "it's released 6-8 years ago", but old as "using quite old userspace tools"

What happen? You might think that you missed to enable (or possibly) include the filesystem driver in the initrd/initramfs. It's not. Thanks to various discussion archieve I found in Internet, it's a matter of enabling these two items in kernel config:

If you're confused where to find them, it's in "General Setup". The item is named "enable deprecated sysfs features to support old userspace too". Then you're ready to plunge the new kernel into the distro.



23 January 2011

gdb trick for printing array content

This is taken from Fedora planet, somekind of blog aggregator of the member of Fedora Community. This post discusses about the way we can print array values in gdb.

Here is the link, written by Sami Wagiaalla.

....And here is some excerpt from it:

 int main(){
   int *a;
   int b[3] = {1,2,3};
   a = b;

   int *c[3] = {a, b, 0};
   int **d = c;
   return 0;

   While debugging the above code if you do:

 (gdb) print b
 $4 = {1, 2, 3}

   that works.

 (gdb) print a
 $5 = (int *) 0x7fffffffe0f0

   that works too, but in order to print a as an array you must do:

 (gdb) print (int []) *a
 $7 = {1}

   and when you specify the size it gets better:

 (gdb) print (int [3]) *a
 $8 = {1, 2, 3}



05 January 2011

Money saving: how exactly we do that?

This is taken from a posting I received from PROFEC, an Indonesian entrepeneurship mailing list. Pretty interesting and valuable on how you're supposed to save your money. Please read on....

In a public financial training, a Financial Planner (FP) asked the participants: "How much money do you usually save every month? "

So many versions of the responses from the participants but it appears a remarks that said: "Saving? Just for a standart living alone is not even enough! "

Financial Planner (FP): "So, how many person in this room who do not have the habit of saving each month?"

Nearly half the participants raised their hands.

FP: "Why are you reluctant to save each month?"

Budi: Well, Sir, like my friend has said, was "...for living alone is just barely not even enough! "

FP: "Well now let me kindly ask you :what's the principle of saving as you know? "

Budi: "At the beginning of each month, I shall allocate my money to cover the expenditures that month, including paying existing debts and bills. If there are some amount of money left, I will save them. However, the problem is, every month there's virtually nothing left in my pocket."

FP: "(laughing) yes that is why you can not save because that is a wrong mindset. The correct principle of saving money was not from residual income but it is budgeted. Then you allocate the rest of your income to cope with the expenses".

Syamsul: "Ah yes. I read that principle too, which says that saving is done in front. Which is called "Pay yourself first?"

FP: "Yes principally, do that in front or we could say  "pay yourself first". Why? Because there is a financial law applicable universally known as Parkinson's Law. The law says that any income earned by
someone will be soo caught by the amount of expenditures. Let's say your income is 1 million rupiahs, then your spending will likely approach or exceed 1 million.

When you get to 3 million increase in income, then your spending will somehow increase to 3 million too. Hence you barely have nothing to save."

Syamsul: "It means the more income I have, the more expense I shall have too?"

FP: "Exactly and this is causing a lot of people unable to save money. Because their expenses are close to or even exceed their income."

Budi: "Then how are we supposed to save exactly?"

FP: "Take a percentage of your salary and then save or invest thme. The allocate the rest to cover the expenses accordingly."

Syamsul: "What is the ideal percentage on how much we should save?"

FP: "It's up to you. You may decide the percentage initially, then adjust it to meet your financial ability and then gradually increase up to 10-30% of your total monthly income. Practice this habit and you can always save no matter what."

Syamsul: "Yes I totally agree and this will be our new year's resolution for me and family."

-00 -

Why are people unable to save money? Actually there's no such big issue, just wrong mindset. So change your mindset and your life will change too.

-Change Your Mind Change Your Life-



02 January 2011

How to fix stuck mouse in aptosid as KVM guest ( + broken DNS resolve)

There's a small irritating problem when you install aptosid as KVM (Kernel Virtual Machine) guest: mouse "stuck"! When I take the focus to the KVM's SDL guest window, it just stays there.... For the record, I used aptosid-2010-03-apate-kde-lite-i386-201012262151.iso as the installation basis.

Turns out, you have to uninstall these packages (somehow they are installed automatically due to unknown reason). To avoid trouble, run it in either run level 2 or 3:

Just to be safe, uninstall virtualbox-ose-guest-x11 and virtualbox-ose-guest-utils too.

Re-run X again. You should be just fine this time.

PS: I also noticed I can't resolve any host names initially ( I used e1000 ethernet card emulation). What's the solution? Rather cheating actually: switch back to your terminal. Resolve the name of hosts mentioned inside /etc/apt/sources.list.d/ files, you may use "host", "nslookup" or "dig" command or else. Got the IP address? Good. Paste them inside those files. Then do:
$ sux

# apt-get update
# apt-get dist-upgrade
# apt-get install dnsutils

I have no idea why dnsutils is left there you go.